Dragonfly 1.0 and Dragonfly 2.0
https://otx.alienvault.com/adversary/Energetic%20Bear/pulses
https://securityaffairs.co/wordpress/62782/hacking/dragonfly-2-0-campaigns.html
CISA alert
https://www.us-cert.gov/ncas/alerts/TA18-074A
https://www.cyberscoop.com/us-nuclear-hack-russia-energetic-bear-fireeye-phishing-watering-hole/
Active since at least 2010. The group favours attacking companies in the energy and industrial sectors.
Targeting the energy sector
IRON LIBERTY usually deploys the Karagany malware. In many cases the threat group also uses the MCMD remote access tool to download and install the open-source SoftEther VPN application. By using legitimate VPN software to establish a TLS-encrypted bridge from its C2 infrastructure to the target system, IRON LIBERTY can hide its network traffic without deploying any further custom malware. IRON LIBERTY also uses compromised service accounts to access systems in order to install and upgrade Karagany, sometimes installing it remotely via PsExec.
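Added example (not from the page or from the SecureWorks report it summarises): a small hunt over constructed Windows telemetry for the three behaviours in the paragraph above, PsExec service installation, processes running under the PsExec service, and SoftEther VPN components being launched. The log records, hostnames, users and paths are invented; the only real identifiers are the PSEXESVC service/binary name and the SoftEther executable names, and the rule logic is one way to operationalise the description, not something the report prescribes.

```python
import json
from typing import Dict, Iterable, List

# Real names: PsExec installs a service called PSEXESVC backed by PSEXESVC.exe,
# and SoftEther ships these executables. Everything else in this block is constructed.
PSEXEC_SERVICE = "psexesvc"
PSEXEC_BINARY = "psexesvc.exe"
SOFTETHER_BINARIES = {"vpnclient.exe", "vpnbridge.exe", "vpnserver.exe", "vpncmd.exe"}

# Constructed sample log (one JSON record per line), loosely modelled on Sysmon
# event 1 (process creation) and System log event 7045 (service installed).
SAMPLE_LOG = r"""
{"event":"service_install","host":"ws-07","service":"PSEXESVC","image":"C:\\Windows\\PSEXESVC.exe","account":"LocalSystem"}
{"event":"process_create","host":"ws-07","user":"NT AUTHORITY\\SYSTEM","image":"C:\\Windows\\PSEXESVC.exe","parent":"C:\\Windows\\System32\\services.exe"}
{"event":"process_create","host":"ws-07","user":"CORP\\svc-backup","image":"C:\\ProgramData\\upd\\vpnbridge.exe","parent":"C:\\Windows\\PSEXESVC.exe"}
{"event":"process_create","host":"ws-12","user":"CORP\\jdoe","image":"C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE","parent":"C:\\Windows\\explorer.exe"}
{"event":"service_install","host":"srv-03","service":"Spooler","image":"C:\\Windows\\System32\\spoolsv.exe","account":"LocalSystem"}
"""


def basename(path: str) -> str:
    """Last path component, lower-cased, tolerating both slash styles."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def hunt(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Apply the three rules to every record; one record can match more than one rule."""
    hits: List[Dict[str, str]] = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        rec = json.loads(raw)
        host = rec.get("host", "?")
        image = basename(rec.get("image", ""))

        # Rule A: a service named PSEXESVC (or backed by PSEXESVC.exe) was installed.
        if rec.get("event") == "service_install" and (
            rec.get("service", "").lower() == PSEXEC_SERVICE or image == PSEXEC_BINARY
        ):
            hits.append({"rule": "psexec_service_install", "host": host, "image": rec["image"]})

        if rec.get("event") == "process_create":
            parent = basename(rec.get("parent", ""))
            # Rule B: the PsExec service process itself, or anything it spawned.
            if image == PSEXEC_BINARY or parent == PSEXEC_BINARY:
                hits.append({"rule": "psexec_process", "host": host, "image": rec["image"]})
            # Rule C: a SoftEther VPN component started (legitimate software used as a TLS bridge).
            if image in SOFTETHER_BINARIES:
                hits.append({"rule": "softether_component", "host": host, "image": rec["image"]})
    return hits


def sample_hits() -> List[Dict[str, str]]:
    """Run the hunt over the constructed sample; only ws-07 should match, on all three rules."""
    return hunt(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for h in sample_hits():
        print(f"{h['host']:8} {h['rule']:24} {h['image']}")
```

Rule C on its own fires on every legitimate SoftEther installation, and rule B on every admin who uses PsExec; the point of the description is the combination on one host (a service account, a PsExec-installed service, then a VPN component under an odd path), so correlate the rules per host over a short window before alerting rather than paging on any single match.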
http://www.hackdig.com/09/hack-48783.htm
Havex, Sysmain, Backdoor.Oldrea
https://en.wikipedia.org/wiki/Havex
https://www.netresec.com/index.ashx?page=Blog&month=2014-10&post=Full-Disclosure-of-Havex-Trojans
https://www.netresec.com/?page=Blog&month=2014-11&post=Observing-the-Havex-RAT
http://www.emrsolutions.ie/wp-content/uploads/2014/12/Belden-White-Paper-Dragonfly-Cyber-Security-Attacks.pdf
https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08080840/Kaspersky_Lab_crouching_yeti_appendixes_eng_final.pdf
Crouching Yeti malware
https://www.kaspersky.com.cn/resource-center/threats/crouching-yeti-energetic-bear-malware-threat
https://usa.kaspersky.com/resource-center/threats/crouching-yeti-energetic-bear-malware-threat#.V57CLZMrJo4
Karagany RAT (HTTPS)
https://www.cyber.nj.gov/threat-profiles/trojan-variants/karagany
https://www.secureworks.com/research/updated-karagany-malware-targets-energy-sector
2014
EB
https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08080817/EB-YetiJuly2014-Public.pdf
Heriplor and Karagany Trojans
20 October 2017
Western energy sector, Phishery
https://symantec-blogs.broadcom.com/blogs/threat-intelligence/dragonfly-energy-sector-cyber-attacks
https://blog.talosintelligence.com/2017/07/template-injection.html
https://resources.infosecinstitute.com/dragonfly-2-0-alleged-nation-state-actor-hit-energy-sector/#gref
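Added example (not from the page, from Talos, or from the Phishery project): a check for the remote-template trick behind the Phishery lures. A .docx names an external template through word/_rels/settings.xml.rels; when Word opens the file it fetches that template from the given location, which is what produces the credential prompt (HTTP/WebDAV) or the outbound SMB authentication (UNC or file:// with a host). The code builds constructed minimal .docx files in memory, extracts every attachedTemplate relationship marked TargetMode="External", and separates remote targets from a local template path, which is normal for an attached template. All paths and addresses are invented.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from typing import List, Optional
from urllib.parse import urlparse

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
ATTACHED_TEMPLATE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate"
SETTINGS_RELS = "word/_rels/settings.xml.rels"


def build_docx(template_target: Optional[str] = None, external: bool = True) -> bytes:
    """Constructed minimal .docx: only the parts the check reads, not real Word output."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml",
                    '<?xml version="1.0"?><Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        zf.writestr("word/document.xml",
                    '<?xml version="1.0"?><w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"/>')
        if template_target is not None:
            zf.writestr("word/settings.xml",
                        '<?xml version="1.0"?><w:settings xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" '
                        'xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">'
                        '<w:attachedTemplate r:id="rId1"/></w:settings>')
            mode = ' TargetMode="External"' if external else ""
            zf.writestr(SETTINGS_RELS,
                        f'<?xml version="1.0"?><Relationships xmlns="{REL_NS}">'
                        f'<Relationship Id="rId1" Type="{ATTACHED_TEMPLATE}" Target="{template_target}"{mode}/>'
                        '</Relationships>')
    return buf.getvalue()


def external_templates(docx_bytes: bytes) -> List[str]:
    """Targets of every attachedTemplate relationship flagged TargetMode="External"."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        if SETTINGS_RELS not in zf.namelist():
            return []
        root = ET.fromstring(zf.read(SETTINGS_RELS))
    return [
        rel.get("Target", "")
        for rel in root.iter(f"{{{REL_NS}}}Relationship")
        if rel.get("Type", "").endswith("/attachedTemplate") and rel.get("TargetMode") == "External"
    ]


def is_remote(target: str) -> bool:
    """True when opening the document would make Word contact another host."""
    t = target.strip()
    if t.startswith("\\\\") or t.startswith("//"):   # UNC path: SMB, NTLM authentication leaks
        return True
    parsed = urlparse(t)
    if parsed.scheme in ("http", "https"):            # Phishery-style HTTP/WebDAV basic-auth prompt
        return True
    if parsed.scheme == "file":                       # file://host/share/x.dotm is SMB as well
        return bool(parsed.netloc) and parsed.netloc.lower() != "localhost"
    return False                                      # relative or local path: ordinary attached template


def remote_templates(docx_bytes: bytes) -> List[str]:
    """The subset of external templates that would trigger an outbound fetch."""
    return [t for t in external_templates(docx_bytes) if is_remote(t)]


if __name__ == "__main__":
    lure = build_docx("\\\\203.0.113.5\\share\\template.dotm")   # constructed address
    benign = build_docx("file:///C:/Users/jdoe/AppData/Roaming/Microsoft/Templates/Normal.dotm")
    print("lure  :", remote_templates(lure))
    print("benign:", remote_templates(benign))
```

The same relationship file is what a mail gateway or sandbox can inspect without opening the document in Word; a `.docx` whose attached template lives on a host outside the organisation is worth blocking regardless of whether the template itself carries any payload, because the credential capture happens on the fetch.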
Analysis
https://paper.seebug.org/395/
https://paper.seebug.org/388/
Turkey
https://www.riskiq.com/blog/labs/energetic-bear/
Energetic Bear analysis
https://ics-cert.kaspersky.com/reports/2018/04/23/energetic-bear-crouching-yeti-attacks-on-servers/
https://ics-cert.kaspersky.com/media/EB_public_FINAL_EN_20042018.pdf
23 April 2018
Attacks on servers
https://securelist.com/energetic-bear-crouching-yeti/85345/
Source: oschina
Link: https://my.oschina.net/u/4287100/blog/3221344